Hey everyone!
In a previous thread, I was able to get a solid kerberos double-hop solution setup for a web server with a file server storing the content. Now I'm on to the last portion of the overall architecture for this solution... adding a WAP in front it all.
So this part works with Kerberos Constrained Delegation:
Client --> Web Server --> File Server
I need to add a WAP in front of it so it looks like this:
Client --> WAP --> Web Server --> File Server
I have KCD setup and working perfectly if I host the content locally on the web server and the test Auth pages registers it as a Kerberos connection.
Client --> WAP --> Web Server
The problem is I need that File Server backing it all. I'm not sure if this is considered a triple hop since the first auth isn't Kerberos but an ADFS form. The ADFS auth portion is working as evidenced by just using the content hosted locally.
I've done a bunch of research and haven't found anything that lends itself to the "Client --> WAP --> Web Server --> File Server" config. I've tried delegating "CIFS/FileServer" to the WAP account just like the delegation for "HTTP/mysitename" but that didn't seem to take care of it.
Any guidance or help would be greatly appreciated!